Amazon AMI Build Guide January Doc Version 1.5
|
|
- Shon Webb
- 6 years ago
- Views:
Transcription
1 Amazon AMI Build Guide January 2018 Doc Version 1.5 1
2 TABLE OF CONTENTS 1 Authors Preface Introduction Build Installation Architecture Overview Version 3 Happy Snap Features Provided CF Template Installation Key Information Pre-Requisites Cloudformation Stack Deployment Web Application Setup User SETUP User Roles Site Administration Site LDAP Settings Operational Overview Log View Shell Interaction VPN Access Skedler Licensing
3 1 AUTHORS PREFACE In 2015, one of our corporate clients told us of their frustrations with the exorbitant licensing costs of commercial Security Information and Events Management (SIEM) products. The customer light heartedly asked whether we could build them an open source SIEM to get rid of these annual license fees. We thought that was a great idea and set out so to develop a SIEM product for Managed Security Service Providers (MSSP s) and Security Professionals. This product is called SIEMonster. SIEMonster Version 1 was released in late April of 2016 and a commercial release in November The release has been an astounding success without over 100,000 downloads of the product. We have assisted individuals and companies integrate SIEMonster into small medium and extra-large companies all around the world. SIEMonster with the help of the community and a team of developers have been working hard since the Version1 release incorporating what the community wanted to see in a SIEM as well as things we wanted to see in the next release. Along the way we have signed up MSSP s from around the world who have contributed to the rollout of SIEMonster and in return they have assisted us with rollout scripts, ideas and things we hadn t even considered. We are now proud to release the latest Version 3.0 Beta, and finalized in February 2018 for Alpha Release. We have added the following features to this release ELK Stack updated to version 5.5 Built in Searchguard open source RBAC & encrypted node to node transport Wazuh HIDS system with Kibana plugin and OpenSCAP options & simplified agent registration process Simplified installation process for both Rancher Docker orchestration & SIEMonster web application All new dashboard with options for 2fa, site administration with user role based access and faster load times Built in parsers for most proprietary devices Preloaded Minemeld threat intel feeds integrated with log ingest out of the box. COREOS with NFS support We have also automated correlation with Palo Alto MineMeld Open Source Threat Intelligence and added two factor authentication and easier rollouts. The transition has now been completed to a full containerize all aspects of the SIEMonster application pool using the popular Docker system. This allows us to run on any hardware, cloud or operating system. It also provides the architecture for docker containers to be moved to other servers during downtime without affecting the SIEM. We welcome you to try out our fully functional SIEM product, and if you wish to upgrade to our Premium version with Advanced Correlation, Reporting, Auditing and support please contact sales@siemonster.com. 3
4 2 INTRODUCTION SIEMonster Version 3 is built on the best open source components and custom develop from a wish list from the SIEMonster community. This document will cover the architecture, the features and the open source components that make up SIEMonster, so that all security professionals can run a SIEM in their organisations with no budget. If you would like more information about the architecture please see our High-Level Design. SIEMonster is built on CoreOS, Docker with Rancher, Kubernetes orchestration. The product comes in Vbox, VMware, Bare-metal or Cloud install on AWS/Azure. SIEMonster can scale horizontally and vertically to support any enterprise client. Some of these features include. OSINT from PaloAlto Minemeld. OSSEC Wazuh fork. Full integration with OSSEC Wazuh fork for Host Intrusion Detection and PCIDSS ruleset incorporated into Elastic. 411 demonstrated at DEFCON. Instant Incident Alerting via or SMS or Console view via a secure portal and integration with Slack / PagerDuty / Jira using 411 Streams. Open Source AuditIT by Opmantek. Open Source Incident Response. Alerts maybe escalated as tickets to other operators or a whiteboard to show night shift analysts current issues. Elastalert, Event Monitor Alerting from the Guardian Newspaper. Data Correlation UI, community rulesets and dashboards, community and open source free plugins that make the SIEM. Incorporate your existing Vulnerability Scans into the Dashboard, (OpenVAS, McAfee, Nessus etc.) We have also developed and built in LDAP integration, advanced correlation and two factor authentication. 4
5 3 BUILD INSTALLATION ARCHITECTURE OVERVIEW SIEMonster V3 cloud deployment is a modular Docker container system which will run on all operating systems supporting Docker. Architecturally this was chosen for portability across platforms, supporting not only most container platforms such as AWS ECS, Azure etc. but also VMWare, VirtualBox and bare metal installs used by our corporate customers. This will provide simplified upgrade paths and scaling potential as well as high availability. Flexible deployment solutions include most cloud container platforms such as AWS, Azure, Digital Ocean etc. Also, options are available for VMware ESX and bare metal installs. For AWS deployment, the platform chosen is the open source container management system provided by Rancher Labs. Rancher supplies the entire software stack needed to manage containers in production. Rancher software consists of four major components: 1. INFRASTRUCTURE ORCHESTRATION Rancher takes in raw computing resources from any public or private cloud in the form of Linux hosts. Each Linux host can be a virtual machine or physical machine. Rancher does not expect more from each host than CPU, memory, local disk storage, and network connectivity. From Rancher s perspective, a VM instance from a cloud provider and a bare metal server are indistinguishable. Rancher implements a portable layer of infrastructure services designed specifically to power containerized applications. Rancher infrastructure services include networking, storage, load balancer, DNS, and security. Rancher infrastructure services are typically deployed as containers themselves, so that the same Rancher infrastructure service can run on any Linux hosts from any cloud. 2. CONTAINER ORCHESTRATION AND SCHEDULING Many users choose to run containerized applications using a container orchestration and scheduling framework. Rancher includes a distribution of all popular container orchestration and scheduling frameworks today, including Docker Swarm, Kubernetes, and Mesos. The same user can create multiple Swarm or Kubernetes clusters. They can then use the native Swarm or Kubernetes tools to manage their applications. In addition to Swarm, Kubernetes, and Mesos, Rancher supports its own container orchestration and scheduling framework called Cattle. Cattle was originally designed as an extension to Docker Swarm. As Docker Swarm continues to develop, Cattle and Swarm started to diverge. Rancher will therefore support Cattle and Swarm as separate frameworks going forward. Cattle is used extensively by Rancher itself to orchestrate infrastructure services as well as setting up, managing, and upgrading Swarm, Kubernetes, and Mesos clusters. 3. APPLICATION CATALOG Rancher users can deploy an entire multi-container clustered application from the application catalog with one click of a button. Users can manage the deployed applications and perform fully automated upgrades when new versions of the application become available. Rancher maintains a public catalog consisting of popular applications contributed by the Rancher community. Rancher users can create their own private catalogs.w ith this deployment, custom Rancher catalog applications have been created for the SIEMonster stack. Using the Rancher network overlay, the SIEMonster container application loads have been evenly balanced across four nodes. 4. ENTERPRISE-GRADE CONTROL Rancher supports flexible user authentication plugins and comes with pre-built user authentication integration with Active Directory, LDAP, and GitHub. Rancher supports Role-Based Access Control (RBAC) at the level of environments, allowing users and groups to share or deny access to, for example, development and production environments. 5
6 4 VERSION 3 HAPPY SNAP FEATURES All new mobile friendly interface 6
7 Updated fast loading dashboard Pre-Configured Dashboards 7
8 Role based access control with LDAP integration 8
9 Customizable Dashboards Raw Log searches 9
10 Full Stack Monitoring Alerting 10
11 Wazuh HIDS Integration Threat Intel Vulnerability Management 11
12 Event Monitor Reporting 12
13 Audit and Discovery Upgrade to Premium for more advanced features including full reporting, customizations, upgrades and support 13
14 5 PROVIDED CF TEMPLATE The SIEMonster CloudFormation template provides the means to build a scalable cluster comprising the base build for all 5 servers required. Also included within this template: Internal & external load balancer options Auto-scaling groups Security Groups RDS Backend Database DNS Zone VPN server for cluster access Multi AZ private network + VPC s Auto Mounted EFS The five servers are comprised of Proteus (Application Server) Capricorn (Application Server) Kraken (Elasticsearch) Tiamat (Elasticsearch) Makara (Rancher / Orchestration Server / Ingestion Server) For production deployment, the minimum recommended AWS instance types are as follows: SIEMonster Server Amazon Instance Makara Rancher Server /Ingest/Web c5.2xlarge Capricorn Application Server c5.2xlarge Proteus Application c5.2xlarge Kraken Elasticsearch Data Node c5.4xlarge Tiamat Elasticsearch Data Node c5.4xlarge For development purposes, these instances may be deployed with the following AWS instance types: SIEMonster Server Amazon Instance Makara Rancher Server /Ingest/Web c5.xlarge Capricorn Application Server c5.xlarge Proteus Application c5.xlarge Kraken Elasticsearch Data Node c5.xlarge Tiamat Elasticsearch Data Node c5.xlarge 14
15 6 INSTALLATION 6.1 KEY INFORMATION PRE-REQUISITES Registered domain on AWS AWS generated SSL Certificates for chosen subdomains, e.g. siemportal.corp.clientname.com (see Appendix for further details). 6.2 CLOUDFORMATION Goto the SIEMonster website and click on Download to register: Download the latest Cloudformation zip for Amazon AMI - SIEMonster. Open the AWS CloudFormation area within the AWS console Unzip the downloaded template Create Stack Choose a template Upload a template to Amazon S3 Choose file Choose file downloaded SIEMonster CF template Next Flexible options are provided. Mandatory options are indicated below, see Appendix A for further details: Note: The VPN Password, Hostname is required to connect into the SIEM remotely into AWS. This VPN Hosts removes the requirement for having the large firewall rule set from the previous version on SIEMonster. 15
16 16
17 In the above example, the web application will be deployed at: For Public DNS Zones, choose internet-facing Stack Type. For Private DNS Zones choose internal These details will be required in Section 6.3 Stack Deployment The Rancher Server will be deployed to: The VPN server will be deployed at to: SSH credentials to the hosts is rancher/s13m0nsterv3 17
18 Click on Next when finished. Options - Add IAM role if applicable, Next. Review and Create, after acknowledging IAM resource confirmation. Stack creation will take around 10 minutes to complete - refresh page to monitor status. Indication will be given on completion. Check the outputs for Rancher Server login URL. 18
19 Allow an additional 5 minutes for the Rancher cluster creation. Open the output URL and login with the credentials provided during the setup phase. (default admin/ s13m0nsterv3) Infrastructure Hosts At this stage access to the internal cluster hosts is via VPN only. Open the EC2 dashboard and identify the created instances. 19
20 6.3 STACK DEPLOYMENT The SIEMonster V3 application catalog item is pre-loaded. Navigate to the V3 catalog and click View Details for the SIEMonster V3 App. Choose V3 Under New Stack, substitute projectname for the required application name. This name will be used for your site domain in the next step Using the example details entered in section 6.2 Cloudformation: siemonster-project-projectname change this to siemportal siemonster-project-siemportal Under Configuration Options, substitute projectname for the name chosen previously in the CloudFormation template For example Name: siemonster-project-siemportal will become Site domain name: siemportal.corp.clientname.com (domain name must have 4 names) 20
21 Before After Next set the Elasticsearch JAVA HEAP SIZE per the AWS instance type deployed. For Elasticsearch Data Nodes, this should be set to a value half of the available system RAM. If you have selected C5.xlarge for a demo leave these settings as default. For the Master & Client nodes, the heap sizes can be left as default as these can be modified to suit at any time post-install. 21
22 Set the administrator address for the SIEMonster Web interface. This should be the same that will be used in Chapter 7 Web Application Setup. The remaining application passwords should be changed from the defaults, see Appendix B for change management table. Aside from the CertAuth, Truststore & KeyStore passwords, all passwords can be changed post-install if required. The SITE_ID option should be left at default, as initially the Logstash Heap Size If Gmail alert relaying is required set the appropriate values. It is recommended to setup a Gmail account specifically for this purpose. Finally, click on Launch. The stack will take around 5-10 minutes to build. The status can be viewed under Stacks User On completion, the status will turn to green for all items: Leave a few minutes for the DNS to propagate and the system health checks to complete before opening the web application URL, e.g. from the example shown previously. 22
23 7 WEB APPLICATION SETUP For the Root Domain, enter the domain name used in Section 6 e.g. siemportal.corp.clientname.com The Admin User address should be the same as that entered in section 6.3 Stack Deployment Strong passwords are enforced and must be 8 Characters in Length, upper and lower-case letters, at least 1 number, at least 1 symbol Click Setup on completion. On successful setup, a sign in page will appear: 23
24 Sign in with the credentials entered during the above Setup phase. Note that the Authentication Code for 2FA if required, can be setup after initial login. 24
25 8 USER SETUP For each logged on user there is an option available under the user menu, top right, to modify the users profile. This includes changing the display name, changing the password or adding two factor authentication. 8.1 USER ROLES User Roles are used to allow access to different components within the SIEM. Two roles are preconfigured during deployment admin and user. The admin role contains all default role options for frames (home page tiles) and dashboards (Kibana). New frames may also be added using the Create Frame option: Similarly, after creating new dashboards within Kibana, menu links to these items may be added using the Create Dashboard option. 25
26 Using the Settings option, the frame can be modified if required and an image used to reflect the properties of the frame. Similarly, the default Dashboard URLs may be modified to suit if required. 26
27 The users role is designed for new users who have been allocated login credentials without a specific role. This is useful when allocating members of an LDAP group. A single support access tile is provided. New roles may be added using the Create Role option. Access to relevant frames can be enabled and settings modified if required. If the Dashboards frame is enabled, a Dashboard settings section will appear, providing options to enable or disable dashboards specific to the role.. 27
28 9 SITE ADMINISTRATION Under the Profile option is the Site Administration option. This is used to setup site settings, new local or LDAP users, roles and custom dashboard setup for each user. 9.1 SITE settings are configured to use Mailgun, for which a free account can be setup at This mail account is for the web application only, which will send out notifications when a user logs on to the SIEM. 9.2 LDAP SETTINGS LDAP settings can be used to setup Active Directory users. It is recommended to create a group within the AD and then add users to this group who will require access. Once completed, click on Save LDAP Settings. The entered details will first be confirmed correct before being saved. LDAP users in the chosen group will now be able to login using their corporate address and active directory password. 28
29 10 OPERATIONAL OVERVIEW 10.1 LOG VIEW The Rancher Server - Platform Orchestration Management System can be accessed at the URL designated during the Cloud Formation deployment, e.g. using the credentials that were supplied. The logs for each container can be viewed within the Rancher Server UI as follows: First click on a container Next click on the menu to the right and choose View Logs: This is useful for diagnostics and maintenance, the logs for any container can be viewed in this manner. 29
30 10.2 SHELL INTERACTION Following the above steps and choosing the Execute Shell option, a terminal may be opened to each container if any maintenance is required. For access to the configuration files, rules, etc. see the following section VPN access. If any changes have been made, the container can be restarted on the main screen: 30
31 10.3 VPN ACCESS VPN via the Bastion host provides connectivity for terminal/log access to the private subnets hosting the platform. To download the client certificate first browse to the allocated URL on port 943, e.g. Change the access option to Login and use the credentials provided in the CF template. If the VPN client application is required, it may be downloaded in the next screen. The connection profile for the client can now be downloaded as highlighted below: This profile can now be imported into the VPN client. For Windows, use the import from local file option. Once imported a VPN session can be established by using the Connect as admin option from OpenVPN Connect to the IP address shown. Once connected, SSH access will be available to the SIEMonster cluster using the SSH key provided during CloudFormation deployment and username core. Host IP addresses can be found in the Rancher Server UI Infrastructure Hosts 31
32 11 SKEDLER LICENSING Reports - Menu Click on Activate License Use the provided trial license key fill out the details to activate the license. Configure the and Time Zone settings as appropriate. Options are also available for setting a proxy, Slack messages and uploading a custom logo. 32
33 33
34 Appendix A: AWS SSL Certificate requirements AWS Requirements Request a certificate for the Rancher server, e.g. for a chosen domain name of corp.clientname.com request a certificate for this domain name plus and Additional name of *.corp.clientname.com Request a certificate for the SIEMonster web application, e.g. for a chosen domain name of siemportal.corp.clientname.com request a certificate for this domain name with an Additional name of *. siemportal.corp.clientname.com Key AWS Cloud Formation Settings ZoneName AWS hosted domain name ZoneID Zone ID for the AWS hosted domain name WebAppSSLSertARN Under Certificate Management, the ARN for the SSL certificate issued for the SIEMonster web application WebAppDomain the first 2 octets of the domain name for the web application, e.g. siemportal.corp SSLCertArn The ARN for the SSL certificate issued for the Rancher Server SSHKeyName Predefined AWS key RancherUIDomain The chosen subdomain for the SIEMonster platform, e.g. corp RancherSvrInstanceClass the AWS instance type required, e.g. C5.2xlarge (should match RancherAgentsInstanceClass for basic non-ha deployments) RancherSvrVolumeSize The GP2 root volume size for Makara, minimum of 30GB RancherAgentsVolumeSize The GP2 root volume size for the remaining instances, minimum of 30GB RancherAgentsInstanceClass The AWS instance type required, e.g. C5.2xlarge RancherAdminPassword Strong password required BastionHostName VPN hostname allocation, e.g. bastion-host BastionAdminPassword Strong password required for VPN admin 34
35 Appendix B: Password Table for change management Use only Alphanumeric passwords, e.g. Ys3CretpAss624 Application Username Password Grafana (Health) admin admin Web App Mongo siemuser01 s13m0nsterv3 Mongo Hash Salt N/A 6b44d8edb86b4ca8bb8f3aaa35ddaf7d RabbitMQ admin s13m0nsterv3 Wazuh API siemonster s13m0nsterv3 Logstash logstash s13m0nsterv3 CA N/A s13m0nsterv3 411 admin admin IR admin admin Minemeld admin mimemeld Truststore N/A s13m0nsterv3 Keystore N/A s13m0nsterv3 Elastic elastic s13m0nsterv3 Beats beats s13m0nsterv3 Skedler skedler s13m0nsterv3 MySQL fouronone s13m0nsterv3 MySQL Root root s13m0nsterv3 Rancher admin s13m0nsterv3 SSH rancher s13m0nsterv3 35
Amazon AMI Build Guide May Doc Version 2.0
Amazon AMI Build Guide May 2018 Doc Version 2.0 1 TABLE OF CONTENTS 1 Authors Preface... 3 2 Introduction... 4 3 Build Installation Architecture Overview... 5 4 V3 Happy SNAP Features... 6 5 Provided CF
More informationVM Build Guide January Doc Version 1.6
VM Build Guide January 2018 Doc Version 1.6 1 TABLE OF CONTENTS 1 Authors Preface... 3 2 Introduction... 4 3 Build Installation Architecture Overview... 5 4 Version 3 Happy Snap Features... 6 5 Provided
More informationVirtual Box Build Guide January Doc Version 1.5
Virtual Box Build Guide January 2018 Doc Version 1.5 1 TABLE OF CONTENTS 1 Authors Preface... 3 2 Introduction... 4 3 Build Installation Architecture Overview... 5 4 V3 Happy Snap Features... 6 5 Provided
More informationVirtual Box Build Guide May Doc Version 2.0
Virtual Box Build Guide May 2018 Doc Version 2.0 1 TABLE OF CONTENTS 1 Authors Preface... 3 2 Introduction... 4 3 Build Installation Architecture Overview... 5 4 V3 Happy Snap Features... 6 5 Configuration
More informationVM Build Guide May Doc Version 2.0
VM Build Guide May 2018 Doc Version 2.0 1 TABLE OF CONTENTS 1 Authors Preface... 3 2 Introduction... 4 3 Build Installation Architecture Overview... 5 4 Version 3 Happy Snap Features... 6 5 Configuration
More informationBare Metal Build Guide January Doc Version 1.8
Bare Metal Build Guide January 2018 Doc Version 1.8 1 TABLE OF CONTENTS 1 Authors Preface... 3 2 Introduction... 4 3 Build Installation Architecture Overview... 5 4 Version 3 Happy Snap Features... 6 5
More informationVM Build Guide January Doc Version 1.8
VM Build Guide January 2018 Doc Version 1.8 1 TABLE OF CONTENTS 1 Authors Preface... 3 2 Introduction... 4 3 Build Installation Architecture Overview... 5 4 Version 3 Happy Snap Features... 6 5 Provided
More informationEASILY DEPLOY AND SCALE KUBERNETES WITH RANCHER
EASILY DEPLOY AND SCALE KUBERNETES WITH RANCHER 2 WHY KUBERNETES? Kubernetes is an open-source container orchestrator for deploying and managing containerized applications. Building on 15 years of experience
More informationAWS Remote Access VPC Bundle
AWS Remote Access VPC Bundle Deployment Guide Last updated: April 11, 2017 Aviatrix Systems, Inc. 411 High Street Palo Alto CA 94301 USA http://www.aviatrix.com Tel: +1 844.262.3100 Page 1 of 12 TABLE
More informationPuppet on the AWS Cloud
Puppet on the AWS Cloud Quick Start Reference Deployment AWS Quick Start Reference Team March 2016 This guide is also available in HTML format at http://docs.aws.amazon.com/quickstart/latest/puppet/. Contents
More informationCPM. Quick Start Guide V2.4.0
CPM Quick Start Guide V2.4.0 1 Content 1 Introduction... 3 Launching the instance... 3 CloudFormation... 3 CPM Server Instance Connectivity... 3 2 CPM Server Instance Configuration... 4 CPM Server Configuration...
More informationStreamSets Control Hub Installation Guide
StreamSets Control Hub Installation Guide Version 3.2.1 2018, StreamSets, Inc. All rights reserved. Table of Contents 2 Table of Contents Chapter 1: What's New...1 What's New in 3.2.1... 2 What's New in
More informationNGF0502 AWS Student Slides
NextGen Firewall AWS Use Cases Barracuda NextGen Firewall F Implementation Guide Architectures and Deployments Based on four use cases Edge Firewall Secure Remote Access Office to Cloud / Hybrid Cloud
More informationHySecure Quick Start Guide. HySecure 5.0
HySecure Quick Start Guide HySecure 5.0 Last Updated: 25 May 2017 2012-2017 Propalms Technologies Private Limited. All rights reserved. The information contained in this document represents the current
More informationHow-to Guide: Tenable.io for Microsoft Azure. Last Updated: November 16, 2018
How-to Guide: Tenable.io for Microsoft Azure Last Updated: November 16, 2018 Table of Contents How-to Guide: Tenable.io for Microsoft Azure 1 Introduction 3 Auditing the Microsoft Azure Cloud Environment
More informationAt Course Completion Prepares you as per certification requirements for AWS Developer Associate.
[AWS-DAW]: AWS Cloud Developer Associate Workshop Length Delivery Method : 4 days : Instructor-led (Classroom) At Course Completion Prepares you as per certification requirements for AWS Developer Associate.
More informationThoughtSpot on AWS Quick Start Guide
ThoughtSpot on AWS Quick Start Guide Version 4.2 February 2017 Table of Contents Contents Chapter 1: Welcome to ThoughtSpot...3 Contact ThoughtSpot... 4 Chapter 2: Introduction... 6 About AWS...7 Chapter
More informationBaremetal with Apache CloudStack
Baremetal with Apache CloudStack ApacheCon Europe 2016 Jaydeep Marfatia Cloud, IOT and Analytics Me Director of Product Management Cloud Products Accelerite Background Project lead for open source project
More informationLINUX, WINDOWS(MCSE),
Virtualization Foundation Evolution of Virtualization Virtualization Basics Virtualization Types (Type1 & Type2) Virtualization Demo (VMware ESXi, Citrix Xenserver, Hyper-V, KVM) Cloud Computing Foundation
More informationCloudHealth. AWS and Azure On-Boarding
CloudHealth AWS and Azure On-Boarding Contents 1. Enabling AWS Accounts... 3 1.1 Setup Usage & Billing Reports... 3 1.2 Setting Up a Read-Only IAM Role... 3 1.3 CloudTrail Setup... 5 1.4 Cost and Usage
More informationUsing vrealize Operations Tenant App as a Service Provider
Using vrealize Operations Tenant App as a Service Provider Using vrealize Operations Tenant App as a Service Provider You can find the most up-to-date technical documentation on the VMware Web site at:
More informationAmazon AppStream 2.0: SOLIDWORKS Deployment Guide
2018 Amazon AppStream 2.0: SOLIDWORKS Deployment Guide Build an Amazon AppStream 2.0 environment to stream SOLIDWORKS to your users June 2018 https://aws.amazon.com/appstream2/ 1 Welcome This guide describes
More informationVMware Workspace ONE UEM VMware AirWatch Cloud Connector
VMware AirWatch Cloud Connector VMware Workspace ONE UEM 1811 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments about this
More informationHow to Keep UP Through Digital Transformation with Next-Generation App Development
How to Keep UP Through Digital Transformation with Next-Generation App Development Peter Sjoberg Jon Olby A Look Back, A Look Forward Dedicated, data structure dependent, inefficient, virtualized Infrastructure
More informationHow-to Guide: Tenable Nessus for Microsoft Azure. Last Updated: April 03, 2018
How-to Guide: Tenable Nessus for Microsoft Azure Last Updated: April 03, 2018 Table of Contents How-to Guide: Tenable Nessus for Microsoft Azure 1 Introduction 3 Auditing the Microsoft Azure Cloud Environment
More informationVMWARE HORIZON CLOUD WITH VMWARE IDENTITY MANAGER QUICK START GUIDE WHITE PAPER MARCH 2018
VMWARE HORIZON CLOUD WITH VMWARE IDENTITY MANAGER QUICK START GUIDE WHITE PAPER MARCH 2018 Table of Contents Introduction to Horizon Cloud with Manager.... 3 Benefits of Integration.... 3 Single Sign-On....3
More informationInstalling and Configuring vcloud Connector
Installing and Configuring vcloud Connector vcloud Connector 2.6.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new
More informationVMWARE ENTERPRISE PKS
DATASHEET AT A GLANCE VMware Enterprise PKS is a productiongrade Kubernetes-based container solution equipped with advanced networking, a private container registry, and full lifecycle management. VMware
More informationInstalling and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.
Installing and Configuring VMware Identity Manager Connector 2018.8.1.0 (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.3 You can find the most up-to-date technical documentation on
More informationConfluence Data Center on the AWS Cloud
Confluence Data Center on the AWS Cloud Quick Start Reference Deployment March 2017 Atlassian AWS Quick Start Reference Team Contents Overview... 2 Costs and Licenses... 2 Architecture... 3 Prerequisites...
More informationJIRA Software and JIRA Service Desk Data Center on the AWS Cloud
JIRA Software and JIRA Service Desk Data Center on the AWS Cloud Quick Start Reference Deployment Contents October 2016 (last update: November 2016) Chris Szmajda, Felix Haehnel Atlassian Shiva Narayanaswamy,
More informationCloud Computing /AWS Course Content
Cloud Computing /AWS Course Content 1. Amazon VPC What is Amazon VPC? How to Get Started with Amazon VPC Create New VPC Launch an instance (Server) to use this VPC Security in Your VPC Networking in Your
More informationVMWARE PKS. What is VMware PKS? VMware PKS Architecture DATASHEET
DATASHEET VMWARE PKS AT A GLANCE VMware PKS is a production-grade Kubernetes-based container solution equipped with advanced networking, a private container registry, and full lifecycle management. VMware
More informationCommunity Edition Getting Started Guide. July 25, 2018
Community Edition Getting Started Guide July 25, 2018 Copyright 2018 by Qualys, Inc. All Rights Reserved. Qualys and the Qualys logo are registered trademarks of Qualys, Inc. All other trademarks are the
More informationDocker Container Access Reference Design
Docker Container Access Reference Design Version 06-18-2016 Copyright 2014-2016 Aviatrix Systems, Inc. All rights reserved. Introduction Project Skyhook by Aviatrix enables VPN users to access remote Docker
More informationSecurity Camp 2016 Cloud Security. August 18, 2016
Security Camp 2016 Cloud Security What I ll be discussing Cloud Security Topics Cloud overview The VPC and structures Cloud Access Methods Who owns your data? Cover your Cloud trail? Protection approaches
More informationIntroduction to Cloud Computing
You will learn how to: Build and deploy cloud applications and develop an effective implementation strategy Leverage cloud vendors Amazon EC2 and Amazon S3 Exploit Software as a Service (SaaS) to optimize
More informationWeb Cloud Solution. User Guide. Issue 01. Date
Issue 01 Date 2017-05-30 Contents Contents 1 Overview... 3 1.1 What Is Web (CCE+RDS)?... 3 1.2 Why You Should Choose Web (CCE+RDS)... 3 1.3 Concept and Principle... 4... 5 2.1 Required Services... 5 2.2
More informationAnsible Tower Quick Setup Guide
Ansible Tower Quick Setup Guide Release Ansible Tower 2.4.5 Red Hat, Inc. Jun 06, 2017 CONTENTS 1 Quick Start 2 2 Login as a Superuser 3 3 Import a License 4 4 Examine the Tower Dashboard 6 5 The Setup
More informationVMware AirWatch Cloud Connector Guide ACC Installation and Integration
VMware AirWatch Cloud Connector Guide ACC Installation and Integration Workspace ONE UEM v1810 Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com.
More informationDeploy and Secure an Internet Facing Application with the Barracuda Web Application Firewall in Amazon Web Services
Deploy and Secure an Internet Facing Application with the in Amazon Web In this lab, you will deploy an unsecure web application into Amazon Web (AWS), and then secure the application using the. To create
More informationOpenManage Integration for VMware vcenter Quick Install Guide for vsphere Client, Version 2.3.1
OpenManage Integration for VMware vcenter Quick Install Guide for vsphere Client, Version 2.3.1 Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use
More informationAmazon Web Services (AWS) Solutions Architect Intermediate Level Course Content
Amazon Web Services (AWS) Solutions Architect Intermediate Level Course Content Introduction to Cloud Computing A Short history Client Server Computing Concepts Challenges with Distributed Computing Introduction
More informationRed Hat Quay 2.9 Deploy Red Hat Quay - Basic
Red Hat Quay 2.9 Deploy Red Hat Quay - Basic Deploy Red Hat Quay Last Updated: 2018-09-14 Red Hat Quay 2.9 Deploy Red Hat Quay - Basic Deploy Red Hat Quay Legal Notice Copyright 2018 Red Hat, Inc. The
More informationDEVOPS COURSE CONTENT
LINUX Basics: Unix and linux difference Linux File system structure Basic linux/unix commands Changing file permissions and ownership Types of links soft and hard link Filter commands Simple filter and
More informationVMware AirWatch Content Gateway for Linux. VMware Workspace ONE UEM 1811 Unified Access Gateway
VMware AirWatch Content Gateway for Linux VMware Workspace ONE UEM 1811 Unified Access Gateway You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/
More informationMarkLogic Server. MarkLogic Server on Microsoft Azure Guide. MarkLogic 9 January, 2018
MarkLogic Server on Microsoft Azure Guide 1 MarkLogic 9 January, 2018 Last Revised: 9.0-4, January, 2018 2018 MarkLogic Corporation. MarkLogic and the MarkLogic logo are trademarks or registered trademarks
More informationRed Hat Cloud Suite 1.1
Red Hat Cloud Suite 1.1 Product Guide Overview of the Red Hat Cloud Suite Last Updated: 2018-12-14 Red Hat Cloud Suite 1.1 Product Guide Overview of the Red Hat Cloud Suite Red Hat Cloud Suite Documentation
More informationWe are ready to serve Latest IT Trends, Are you ready to learn? New Batches Info
We are ready to serve Latest IT Trends, Are you ready to learn? New Batches Info START DATE : TIMINGS : DURATION : TYPE OF BATCH : FEE : FACULTY NAME : LAB TIMINGS : Storage & Database Services : Introduction
More informationEDB Postgres Enterprise Manager EDB Ark Management Features Guide
EDB Postgres Enterprise Manager EDB Ark Management Features Guide Version 7.4 August 28, 2018 by EnterpriseDB Corporation Copyright 2013-2018 EnterpriseDB Corporation. All rights reserved. EnterpriseDB
More informationFAST TRACK YOUR AMAZON AWS CLOUD TECHNICAL SKILLS. Enterprise Website Hosting with AWS
FAST TRACK YOUR AMAZON AWS CLOUD TECHNICAL SKILLS Enterprise Website Hosting with AWS 2 Day Course Outline Table of Contents Introduction Course Structure Course Outline Day 1 - Introduction to Cloud Computing,
More informationUSM Anywhere AlienApps Guide
USM Anywhere AlienApps Guide Updated April 23, 2018 Copyright 2018 AlienVault. All rights reserved. AlienVault, AlienApp, AlienApps, AlienVault OSSIM, Open Threat Exchange, OTX, Unified Security Management,
More informationVMware Skyline Collector Installation and Configuration Guide. VMware Skyline 1.4
VMware Skyline Collector Installation and Configuration Guide VMware Skyline 1.4 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have
More informationIaaS Integration Guide
FUJITSU Software Enterprise Service Catalog Manager V16.1.0 IaaS Integration Guide Windows(64) B1WS-1259-02ENZ0(00) September 2016 Preface Purpose of This Document This document explains the introduction
More informationSonicWall Web Application Firewall 2.0. AWS Deployment Guide
SonicWall Web Application Firewall 2.0 AWS Deployment Guide Contents 1 Overview..........................................................................3 Before You Begin....................................................................4
More informationAWS Integration Guide
AWS Integration Guide Cloud-Native Security www.aporeto.com AWS Integration Guide Aporeto integrates with AWS to help enterprises efficiently deploy, manage, and secure applications at scale and the compute
More informationOnCommand Cloud Manager 3.2 Deploying and Managing ONTAP Cloud Systems
OnCommand Cloud Manager 3.2 Deploying and Managing ONTAP Cloud Systems April 2017 215-12035_C0 doccomments@netapp.com Table of Contents 3 Contents Before you create ONTAP Cloud systems... 5 Logging in
More informationVMware Integrated OpenStack Quick Start Guide
VMware Integrated OpenStack Quick Start Guide VMware Integrated OpenStack 1.0.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced
More informationResiliency Replication Appliance Installation Guide Version 7.2
Resiliency Replication Appliance Installation Guide Version 7.2 DISCLAIMER IBM believes that the information in this publication is accurate as of its publication date. The information is subject to change
More informationPowerful Insights with Every Click. FixStream. Agentless Infrastructure Auto-Discovery for Modern IT Operations
Powerful Insights with Every Click FixStream Agentless Infrastructure Auto-Discovery for Modern IT Operations The Challenge AIOps is a big shift from traditional ITOA platforms. ITOA was focused on data
More informationFROM MONOLITH TO DOCKER DISTRIBUTED APPLICATIONS
FROM MONOLITH TO DOCKER DISTRIBUTED APPLICATIONS Carlos Sanchez @csanchez Watch online at carlossg.github.io/presentations ABOUT ME Senior So ware Engineer @ CloudBees Author of Jenkins Kubernetes plugin
More informationEdgeConnect for Amazon Web Services (AWS)
Silver Peak Systems EdgeConnect for Amazon Web Services (AWS) Dinesh Fernando 2-22-2018 Contents EdgeConnect for Amazon Web Services (AWS) Overview... 1 Deploying EC-V Router Mode... 2 Topology... 2 Assumptions
More informationTIBCO Cloud Integration Security Overview
TIBCO Cloud Integration Security Overview TIBCO Cloud Integration is secure, best-in-class Integration Platform as a Service (ipaas) software offered in a multi-tenant SaaS environment with centralized
More informationPexip Infinity and Amazon Web Services Deployment Guide
Pexip Infinity and Amazon Web Services Deployment Guide Contents Introduction 1 Deployment guidelines 2 Configuring AWS security groups 4 Deploying a Management Node in AWS 6 Deploying a Conferencing Node
More informationAWS Reference Architecture - CloudGen Firewall Auto Scaling Cluster
AWS Reference Architecture - CloudGen Firewall Auto Scaling Cluster Protecting highly dynamic AWS resources with a static firewall setup is neither efficient nor economical. A CloudGen Firewall Auto Scaling
More informationIdentity Management and Compliance in OpenShift
Identity Management and Compliance in OpenShift Or Use DevOps to Make Your Auditors and Suits Happy Marc Boorshtein CTO, Tremolo Security Ellen Newlands Senior Security Product Manager, Cloud Business
More informationDeploying and Using ArcGIS Enterprise in the Cloud. Bill Major
Deploying and Using ArcGIS Enterprise in the Cloud Bill Major Quick Survey Your role in your organization - Developer? - Cloud Admin? Already a cloud user Running Esri deployment on AWS Running Esri deployment
More informationPARTLY CLOUDY DESIGN & DEVELOPMENT OF A HYBRID CLOUD SYSTEM
PARTLY CLOUDY DESIGN & DEVELOPMENT OF A HYBRID CLOUD SYSTEM This project is focused on building and implementing a single course exploration and enrollment solution that is intuitive, interactive, and
More informationVMware Enterprise Systems Connector Installation and Configuration. JULY 2018 VMware Identity Manager 3.2 VMware Identity Manager VMware AirWatch 9.
VMware Enterprise Systems Connector Installation and Configuration JULY 2018 VMware Identity Manager 3.2 VMware Identity Manager VMware AirWatch 9.3 You can find the most up-to-date technical documentation
More informationMOVE AntiVirus page-level reference
McAfee MOVE AntiVirus 4.7.0 Interface Reference Guide (McAfee epolicy Orchestrator) MOVE AntiVirus page-level reference General page (Configuration tab) Allows you to configure your McAfee epo details,
More informationSUREedge Migrator Installation Guide for Amazon AWS
SUREedge Migrator Installation Guide for Amazon AWS Contents 1. Introduction... 3 1.1 SUREedge Migrator Deployment Scenarios... 3 1.2 Installation Overview... 4 2. Obtaining Software and Documentation...
More informationPulse Connect Secure Virtual Appliance on Amazon Web Services
` Pulse Connect Secure Virtual Appliance on Amazon Web Services Deployment Guide Release 9.0R1 Release 9.0R1 Document Revision 1.2 Published Date June 2018 Pulse Secure, LLC 2700 Zanker Road, Suite 200
More informationLoad Balancing Web Servers with OWASP Top 10 WAF in AWS
Load Balancing Web Servers with OWASP Top 10 WAF in AWS Quick Reference Guide V1.0.1 ABOUT THIS GUIDE This document provides a quick reference guide on how to load balance Web Servers and configure a WAF
More informationLab Guide. Barracuda NextGen Firewall F-Series Microsoft Azure - NGF0501
Barracuda NextGen Firewall F-Series Microsoft Azure - NGF0501 Lab Guide Official training material for Barracuda certified trainings and Authorized Training Centers. Edition 2018 Revision 1.0 campus.barracuda.com
More informationInformation Security Policy
Information Security Policy Information Security is a top priority for Ardoq, and we also rely on the security policies and follow the best practices set forth by AWS. Procedures will continuously be updated
More informationSAP Vora - AWS Marketplace Production Edition Reference Guide
SAP Vora - AWS Marketplace Production Edition Reference Guide 1. Introduction 2 1.1. SAP Vora 2 1.2. SAP Vora Production Edition in Amazon Web Services 2 1.2.1. Vora Cluster Composition 3 1.2.2. Ambari
More informationAWS Landing Zone. AWS User Guide. November 2018
AWS Landing Zone AWS User Guide November 2018 Copyright (c) 2018 by Amazon.com, Inc. or its affiliates. AWS Landing Zone User Guide is licensed under the terms of the Amazon Software License available
More informationMcAfee Cloud Workload Security Suite Amazon Machine Image Installation Guide
McAfee Cloud Workload Security Suite Amazon Machine Image Installation Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator,
More informationDeploying VMware Identity Manager in the DMZ. JULY 2018 VMware Identity Manager 3.2
Deploying VMware Identity Manager in the DMZ JULY 2018 VMware Identity Manager 3.2 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have
More informationAWS FREQUENTLY ASKED QUESTIONS (FAQ)
UCPATH @ AWS FREQUENTLY ASKED QUESTIONS (FAQ) ARCHITECTURE WHAT WILL CHANGE DURING THIS MOVE TO AWS? All environments use a standardized format using Cloud Formation Scripts. They are also all encapsulated
More informationArcGIS 10.3 Server on Amazon Web Services
ArcGIS 10.3 Server on Amazon Web Services Copyright 1995-2016 Esri. All rights reserved. Table of Contents Introduction What is ArcGIS Server on Amazon Web Services?............................... 5 Quick
More informationCloudStack Administration Guide
CloudStack Administration Guide For CloudStack Version 3.0.0 3.0.2 Revised August 16, 2012 4:41 PM 2011, 2012 Citrix Systems, Inc. All rights reserved. Specifications are subject to change without notice.
More informationAALOK INSTITUTE. DevOps Training
DevOps Training Duration: 40Hrs (8 Hours per Day * 5 Days) DevOps Syllabus 1. What is DevOps? a. History of DevOps? b. How does DevOps work anyways? c. Principle of DevOps: d. DevOps combines the best
More informationKubernetes: Twelve KeyFeatures
Kubernetes: Twelve KeyFeatures Kubernetes is a Greek word which means helmsman, or the pilot of a ship. It is an open source project that was started by Google and derived from Borg, which is used inside
More informationNetBackup Collection Quick Start Guide
NetBackup Collection Quick Start Guide This whitepaper is intended for IT professionals, IT managers, and IT personnel responsible for the planning, setup, and/or administration of Veritas Information
More informationCloud & container monitoring , Lars Michelsen Check_MK Conference #4
Cloud & container monitoring 04.05.2018, Lars Michelsen Some cloud definitions Applications Data Runtime Middleware O/S Virtualization Servers Storage Networking Software-as-a-Service (SaaS) Applications
More informationKuberiter White Paper. Kubernetes. Cloud Provider Comparison Chart. Lawrence Manickam Kuberiter Inc
Kuberiter White Paper Kubernetes Cloud Provider Comparison Chart Lawrence Manickam Kuberiter Inc Oct 2018 Executive Summary Kubernetes (K8S) has become the de facto standard for Cloud Application Deployments.
More informationLoad Balancing Nginx Web Servers with OWASP Top 10 WAF in AWS
Load Balancing Nginx Web Servers with OWASP Top 10 WAF in AWS Quick Reference Guide V1.0.2 ABOUT THIS GUIDE This document provides a quick reference guide on how to load balance Nginx Web Servers and configure
More informationExam : Implementing Microsoft Azure Infrastructure Solutions
Exam 70-533: Implementing Microsoft Azure Infrastructure Solutions Objective Domain Note: This document shows tracked changes that are effective as of January 18, 2018. Design and Implement Azure App Service
More informationQualys Cloud Platform
Qualys Cloud Platform Our Journey into the Cloud: The Qualys Cloud Platform & Architecture Thomas Wendt Regional Manager Post-Sales, DACH, Qualys Inc. Digital Transformation More than just adopting new
More informationLoad Balancing Microsoft Remote Desktop Services. Deployment Guide v Copyright Loadbalancer.org
Load Balancing Microsoft Remote Desktop Services Deployment Guide v2.0.2 Copyright Loadbalancer.org Table of Contents About this Guide...4 2. Loadbalancer.org Appliances Supported...4 3. Loadbalancer.org
More informationGetting Started with AWS Security
Getting Started with AWS Security Tomas Clemente Sanchez Senior Consultant Security, Risk and Compliance September 21st 2017 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Move
More informationApache CloudStack CloudStack Administrator's Guide
Apache CloudStack 4.0.2 CloudStack Administrator's Guide open source cloud com put ing Apache CloudStack CloudStack Administrator's Guide Apache CloudStack 4.0.2 CloudStack Administrator's Guide Author
More informationIaaS Integration Guide
FUJITSU Software Enterprise Service Catalog Manager V16.0.0 IaaS Integration Guide Windows(64) B1WS-1259-01ENZ0(00) February 2016 Preface Purpose of This Document This document explains the introduction
More informationOpenManage Integration for VMware vcenter Quick Install Guide for vsphere Client, Version 2.3
OpenManage Integration for VMware vcenter Quick Install Guide for vsphere Client, Version 2.3 Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of
More informationVMware Identity Manager Connector Installation and Configuration (Legacy Mode)
VMware Identity Manager Connector Installation and Configuration (Legacy Mode) VMware Identity Manager This document supports the version of each product listed and supports all subsequent versions until
More informationHOW TO PLAN & EXECUTE A SUCCESSFUL CLOUD MIGRATION
HOW TO PLAN & EXECUTE A SUCCESSFUL CLOUD MIGRATION Steve Bertoldi, Solutions Director, MarkLogic Agenda Cloud computing and on premise issues Comparison of traditional vs cloud architecture Review of use
More informationEDB Postgres Enterprise Manager EDB Ark Management Features Guide
EDB Postgres Enterprise Manager EDB Ark Management Features Guide Version 7.6 January 9, 2019 by EnterpriseDB Corporation Copyright 2013-2019 EnterpriseDB Corporation. All rights reserved. EnterpriseDB
More informationAmazon Web Services Training. Training Topics:
Amazon Web Services Training Training Topics: SECTION1: INTRODUCTION TO CLOUD COMPUTING A Short history Client Server Computing Concepts Challenges with Distributed Computing Introduction to Cloud Computing
More informationSecuring Microservice Interactions in Openstack and Kubernetes
Securing Microservice Interactions in Openstack and Kubernetes Yoshio Turner & Jayanth Gummaraju Co- Founders @ Banyan https://www.banyanops.com Banyan Founded in the middle of 2015 In San Francisco, CA
More information